marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* i2ptunnel: Implement access lists for TCP servers.

Browse Source 
Enter b32 or b64 hash or dest into list box, and
      check enable for whitelist. Uncheck enable and enter
      i2cp.enableBlackList=true in advanced i2cp options for
      blacklist. Todo: make black/whitelists radio buttons.
This commit is contained in:
zzz
2010-04-12 19:18:21 +00:00
parent aac96b15b0
commit 63562ddd48
6 changed files with 110 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/i2ptunnel/jsp/editClient.jsp
View File

@@ -424,9 +424,9 @@
<span class="comment"><%=intl._("NOTE: If tunnel is currently running, most changes will not take effect until tunnel is stopped and restarted.")%></span> <span class="comment"><%=intl._("NOTE: If tunnel is currently running, most changes will not take effect until tunnel is stopped and restarted.")%></span>
<div class="separator"><hr /></div> <div class="separator"><hr /></div>
<input type="hidden" value="true" name="removeConfirm" /> <input type="hidden" value="true" name="removeConfirm" />
<button id="controlSave" accesskey="S" class="control" type="submit" name="action" value="Save changes" title="Save Changes"><%=intl._("Save")%>(<span class="accessKey">S</span>)</button>
<button id="controlDelete" <%=(editBean.allowJS() ? "onclick=\"if (!confirm('Are you sure you want to delete?')) { return false; }\" " : "")%>accesskey="D" class="control" type="submit" name="action" value="Delete this proxy" title="Delete this Proxy"><%=intl._("Delete")%>(<span class="accessKey">D</span>)</button>
<button id="controlCancel" class="control" type="submit" name="action" value="" title="Cancel"><%=intl._("Cancel")%></button> <button id="controlCancel" class="control" type="submit" name="action" value="" title="Cancel"><%=intl._("Cancel")%></button>
<button id="controlDelete" <%=(editBean.allowJS() ? "onclick=\"if (!confirm('Are you sure you want to delete?')) { return false; }\" " : "")%>accesskey="D" class="control" type="submit" name="action" value="Delete this proxy" title="Delete this Proxy"><%=intl._("Delete")%>(<span class="accessKey">D</span>)</button>
<button id="controlSave" accesskey="S" class="control" type="submit" name="action" value="Save changes" title="Save Changes"><%=intl._("Save")%>(<span class="accessKey">S</span>)</button>
</div> </div>
</div> </div>
</div> </div>

6
apps/i2ptunnel/jsp/editServer.jsp
View File

@@ -341,7 +341,7 @@
<div id="optionsField" class="rowItem"> <div id="optionsField" class="rowItem">
<label for="access" accesskey="s"> <label for="access" accesskey="s">
<%=intl._("Restricted Access List")%>(<span class="accessKey">s</span>): <i><%=intl._("Unimplemented")%></i> <%=intl._("Restricted Access List")%>(<span class="accessKey">s</span>):
</label> </label>
</div> </div>
<div id="portField" class="rowItem"> <div id="portField" class="rowItem">
@@ -457,9 +457,9 @@
<span class="comment"><%=intl._("NOTE: If tunnel is currently running, most changes will not take effect until tunnel is stopped and restarted.")%></span> <span class="comment"><%=intl._("NOTE: If tunnel is currently running, most changes will not take effect until tunnel is stopped and restarted.")%></span>
<div class="separator"><hr /></div> <div class="separator"><hr /></div>
<input type="hidden" value="true" name="removeConfirm" /> <input type="hidden" value="true" name="removeConfirm" />
<button id="controlSave" accesskey="S" class="control" type="submit" name="action" value="Save changes" title="Save Changes"><%=intl._("Save")%>(<span class="accessKey">S</span>)</button>
<button id="controlDelete" <%=(editBean.allowJS() ? "onclick=\"if (!confirm('Are you sure you want to delete?')) { return false; }\" " : "")%>accesskey="D" class="control" type="submit" name="action" value="Delete this proxy" title="Delete this Proxy"><%=intl._("Delete")%>(<span class="accessKey">D</span>)</button>
<button id="controlCancel" class="control" type="submit" name="action" value="" title="Cancel"><%=intl._("Cancel")%></button> <button id="controlCancel" class="control" type="submit" name="action" value="" title="Cancel"><%=intl._("Cancel")%></button>
<button id="controlDelete" <%=(editBean.allowJS() ? "onclick=\"if (!confirm('Are you sure you want to delete?')) { return false; }\" " : "")%>accesskey="D" class="control" type="submit" name="action" value="Delete this proxy" title="Delete this Proxy"><%=intl._("Delete")%>(<span class="accessKey">D</span>)</button>
<button id="controlSave" accesskey="S" class="control" type="submit" name="action" value="Save changes" title="Save Changes"><%=intl._("Save")%>(<span class="accessKey">S</span>)</button>
</div> </div>
</div> </div>
</div> </div>

26
apps/streaming/java/src/net/i2p/client/streaming/ConnectionManager.java
View File

@@ -135,6 +135,14 @@ public class ConnectionManager {
// active++; // active++;
//} //}
if (locked_tooManyStreams()) { if (locked_tooManyStreams()) {
if (_log.shouldLog(Log.WARN))
_log.warn("Refusing connection since we have exceeded our max of "
+ _maxConcurrentStreams + " connections");
reject = true;
} else if (shouldRejectConnection(synPacket)) {
_log.error("Refusing connection since peer is " +
(_defaultOptions.isAccessListEnabled() ? "not whitelisted: " : "blacklisted: ") +
(synPacket.getOptionalFrom() == null ? "null from" : synPacket.getOptionalFrom().calculateHash().toBase64()));
reject = true; reject = true;
} else { } else {
while (true) { while (true) {
@@ -151,9 +159,6 @@ public class ConnectionManager {
_context.statManager().addRateData("stream.receiveActive", active, total); _context.statManager().addRateData("stream.receiveActive", active, total);
if (reject) { if (reject) {
if (_log.shouldLog(Log.WARN))
_log.warn("Refusing connection since we have exceeded our max of "
+ _maxConcurrentStreams + " connections");
PacketLocal reply = new PacketLocal(_context, synPacket.getOptionalFrom()); PacketLocal reply = new PacketLocal(_context, synPacket.getOptionalFrom());
reply.setFlag(Packet.FLAG_RESET); reply.setFlag(Packet.FLAG_RESET);
reply.setFlag(Packet.FLAG_SIGNATURE_INCLUDED); reply.setFlag(Packet.FLAG_SIGNATURE_INCLUDED);
@@ -270,6 +275,21 @@ public class ConnectionManager {
return (active >= _maxConcurrentStreams); return (active >= _maxConcurrentStreams);
} }
private boolean shouldRejectConnection(Packet syn) {
// unfortunately we don't have access to the router client manager here,
// so we can't whitelist local access
Destination from = syn.getOptionalFrom();
if (from == null)
return true;
// if the sig is absent or bad it will be caught later (in CPH)
if (_defaultOptions.isAccessListEnabled())
return !_defaultOptions.getAccessList().contains(from.calculateHash());
if (_defaultOptions.isBlacklistEnabled())
return _defaultOptions.getBlacklist().contains(from.calculateHash());
return false;
}
public MessageHandler getMessageHandler() { return _messageHandler; } public MessageHandler getMessageHandler() { return _messageHandler; }
public PacketHandler getPacketHandler() { return _packetHandler; } public PacketHandler getPacketHandler() { return _packetHandler; }
public I2PSession getSession() { return _session; } public I2PSession getSession() { return _session; }

70
apps/streaming/java/src/net/i2p/client/streaming/ConnectionOptions.java
View File

@@ -1,6 +1,15 @@
package net.i2p.client.streaming; package net.i2p.client.streaming;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties; import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import net.i2p.I2PAppContext;
import net.i2p.data.Hash;
import net.i2p.util.ConvertToHash;
import net.i2p.util.Log;
/** /**
* Define the current options for the con (and allow custom tweaking midstream) * Define the current options for the con (and allow custom tweaking midstream)
@@ -27,6 +36,10 @@ public class ConnectionOptions extends I2PSocketOptionsImpl {
private int _maxWindowSize; private int _maxWindowSize;
private int _congestionAvoidanceGrowthRateFactor; private int _congestionAvoidanceGrowthRateFactor;
private int _slowStartGrowthRateFactor; private int _slowStartGrowthRateFactor;
private boolean _accessListEnabled;
private boolean _blackListEnabled;
private Set<Hash> _accessList;
private Set<Hash> _blackList;
public static final int PROFILE_BULK = 1; public static final int PROFILE_BULK = 1;
public static final int PROFILE_INTERACTIVE = 2; public static final int PROFILE_INTERACTIVE = 2;
@@ -54,6 +67,9 @@ public class ConnectionOptions extends I2PSocketOptionsImpl {
public static final String PROP_CONGESTION_AVOIDANCE_GROWTH_RATE_FACTOR = "i2p.streaming.congestionAvoidanceGrowthRateFactor"; public static final String PROP_CONGESTION_AVOIDANCE_GROWTH_RATE_FACTOR = "i2p.streaming.congestionAvoidanceGrowthRateFactor";
public static final String PROP_SLOW_START_GROWTH_RATE_FACTOR = "i2p.streaming.slowStartGrowthRateFactor"; public static final String PROP_SLOW_START_GROWTH_RATE_FACTOR = "i2p.streaming.slowStartGrowthRateFactor";
public static final String PROP_ANSWER_PINGS = "i2p.streaming.answerPings"; public static final String PROP_ANSWER_PINGS = "i2p.streaming.answerPings";
public static final String PROP_ENABLE_ACCESS_LIST = "i2cp.enableAccessList";
public static final String PROP_ENABLE_BLACKLIST = "i2cp.enableBlackList";
public static final String PROP_ACCESS_LIST = "i2cp.accessList";
private static final int TREND_COUNT = 3; private static final int TREND_COUNT = 3;
static final int INITIAL_WINDOW_SIZE = 6; static final int INITIAL_WINDOW_SIZE = 6;
@@ -205,6 +221,7 @@ public class ConnectionOptions extends I2PSocketOptionsImpl {
setWriteTimeout(opts.getWriteTimeout()); setWriteTimeout(opts.getWriteTimeout());
setReadTimeout(opts.getReadTimeout()); setReadTimeout(opts.getReadTimeout());
setAnswerPings(opts.getAnswerPings()); setAnswerPings(opts.getAnswerPings());
initLists(opts);
} }
} }
@@ -230,6 +247,7 @@ public class ConnectionOptions extends I2PSocketOptionsImpl {
setSlowStartGrowthRateFactor(getInt(opts, PROP_SLOW_START_GROWTH_RATE_FACTOR, 1)); setSlowStartGrowthRateFactor(getInt(opts, PROP_SLOW_START_GROWTH_RATE_FACTOR, 1));
setConnectTimeout(getInt(opts, PROP_CONNECT_TIMEOUT, Connection.DISCONNECT_TIMEOUT)); setConnectTimeout(getInt(opts, PROP_CONNECT_TIMEOUT, Connection.DISCONNECT_TIMEOUT));
setAnswerPings(getBool(opts, PROP_ANSWER_PINGS, DEFAULT_ANSWER_PINGS)); setAnswerPings(getBool(opts, PROP_ANSWER_PINGS, DEFAULT_ANSWER_PINGS));
initLists(opts);
} }
@Override @Override
@@ -272,6 +290,7 @@ public class ConnectionOptions extends I2PSocketOptionsImpl {
setConnectTimeout(getInt(opts, PROP_CONNECT_TIMEOUT, Connection.DISCONNECT_TIMEOUT)); setConnectTimeout(getInt(opts, PROP_CONNECT_TIMEOUT, Connection.DISCONNECT_TIMEOUT));
if (opts.containsKey(PROP_ANSWER_PINGS)) if (opts.containsKey(PROP_ANSWER_PINGS))
setAnswerPings(getBool(opts, PROP_ANSWER_PINGS, DEFAULT_ANSWER_PINGS)); setAnswerPings(getBool(opts, PROP_ANSWER_PINGS, DEFAULT_ANSWER_PINGS));
initLists(opts);
} }
/** /**
@@ -504,6 +523,57 @@ public class ConnectionOptions extends I2PSocketOptionsImpl {
public int getSlowStartGrowthRateFactor() { return _slowStartGrowthRateFactor; } public int getSlowStartGrowthRateFactor() { return _slowStartGrowthRateFactor; }
public void setSlowStartGrowthRateFactor(int factor) { _slowStartGrowthRateFactor = factor; } public void setSlowStartGrowthRateFactor(int factor) { _slowStartGrowthRateFactor = factor; }
public boolean isAccessListEnabled() { return _accessListEnabled; }
public boolean isBlacklistEnabled() { return _blackListEnabled; }
public Set<Hash> getAccessList() { return _accessList; }
public Set<Hash> getBlacklist() { return _blackList; }
private void initLists(ConnectionOptions opts) {
_accessListEnabled = opts.isAccessListEnabled();
_blackListEnabled = opts.isBlacklistEnabled();
_accessList = opts.getAccessList();
_blackList = opts.getBlacklist();
}
private void initLists(Properties opts) {
_accessListEnabled = getBool(opts, PROP_ENABLE_ACCESS_LIST, false);
_blackListEnabled = getBool(opts, PROP_ENABLE_BLACKLIST, false);
if (_accessListEnabled)
_accessList = new HashSet();
else
_accessList = Collections.EMPTY_SET;
if (_blackListEnabled)
_blackList = new HashSet();
else
_blackList = Collections.EMPTY_SET;
if (!(_accessListEnabled || _blackListEnabled))
return;
String hashes = opts.getProperty(PROP_ACCESS_LIST);
if (hashes == null)
return;
StringTokenizer tok = new StringTokenizer(hashes, ", ");
while (tok.hasMoreTokens()) {
String hashstr = tok.nextToken();
Hash h = ConvertToHash.getHash(hashstr);
if (h == null)
error("bad list hash: " + hashstr);
else if (_blackListEnabled)
_blackList.add(h);
else
_accessList.add(h);
}
if (_accessListEnabled && _accessList.isEmpty())
error("Connection access list enabled but no valid entries; no peers can connect");
else if (_blackListEnabled && _blackList.isEmpty())
error("Connection blacklist enabled but no valid entries; all peers can connect");
}
private static void error(String s) {
I2PAppContext ctx = I2PAppContext.getGlobalContext();
Log log = ctx.logManager().getLog(ConnectionOptions.class);
log.error(s);
}
@Override @Override
public String toString() { public String toString() {
StringBuilder buf = new StringBuilder(128); StringBuilder buf = new StringBuilder(128);

11
history.txt
View File

@@ -1,3 +1,14 @@
2010-04-12 zzz
* configstats.jsp: Fix full stats checkbox default
* i2psnark:
- Concurrent, limit, display, log tweaks
* i2ptunnel: Implement access lists for TCP servers.
Enter b32 or b64 hash or dest into list box, and
check enable for whitelist. Uncheck enable and enter
i2cp.enableBlackList=true in advanced i2cp options for
blacklist. Todo: make black/whitelists radio buttons.
* LogManager: Concurrent
2010-04-10 zzz 2010-04-10 zzz
* i2psnark: * i2psnark:
- Disconnect seeds that connect to a seed - Disconnect seeds that connect to a seed

2
router/java/src/net/i2p/router/RouterVersion.java
View File

@@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */ /** deprecated */
public final static String ID = "Monotone"; public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION; public final static String VERSION = CoreVersion.VERSION;
public final static long BUILD = 8; public final static long BUILD = 9;
/** for example "-test" */ /** for example "-test" */
public final static String EXTRA = ""; public final static String EXTRA = "";